Hi,
LiveU MMH server Lu2000 need inbound access with UDP port 8601 to 8612.
Aviwest Streamhub need inbound access with UDP port 7901 to 7904
We have at our location Ubiquity USG Pro 4 with a fiber link, where everything works fine with both servers.
We’re testing our Peplink Max HD2 with the same fiber link, just by switching the Wan1 from USG 4P to Wan1 of HD2, so without adding any other router, switch or firewall or SiM card.
… but nothing works, either with firmware 8.1.3 build 5172 and previous 8.1.0 build 4943.
What already done :
→ port forwarding : using range to the IP Server and selecting all interface (where Wan1 see Public IP of the provider)
→ NAT mapping
→ Firewall Acess Rules → Inbound → Wan Any, protocol UDP, source Any, port range 8601 to 8612, destination IP server adress, port range 8601 to 8612, action : allow
So, now, we’re stucked and any help would be much appreciate !
Kind regards,
SteF.
Sounds like you have the right config, but to help us sanity check could you share some screenshots of the WAN config, the NAT config, outbound policy and firewall rules?
I would also suggest temporarily enabling logging on the friewall rules as that way you can check packets are actually hitting the interface as expected.
You can also take a packet capture from the support.cgi interface (access via https://routerlanip/cgi-bin/MANGA/support.cgi) if you want to see what is arriving at the WAN interface.
2 Likes
Maybe post some screen shots of your configuration.
On a HD2 to achieve what you want, all you would need to do is add the ports that need to be forwarded in Inbound Access > Port Forwarding. Once you have set the right LAN IP range of course.
One way I test this stuff is to create a any:any allow inbound firewall rule on the HD2 WAN1 then enable logging so I can see what’s going on…
1 Like
Inboud firewall rule doesn’t work
Ports forwarding don’t work : stream doesn’t start
Wan Config
Wan 1 config
No traffic from and to SpeedFusion Cloud
With or without NAT Mapping, nothing change ; so this is without anything
Here Firewall LOG with Firewall inbound Any:Any (as you cas see inpciture of the other reply)
** is this the correct adress you would link ? https://routerlanip/cgi-bin/MANGA/support.cgi
… cause this adress can’t be reached with the computer’s browser connected to the Peplink Router
Yes thats right. In your case it would be https://192.168.50.1/cgi-bin/MANGA/support.cgi
I don’t see any successful attempts for UDP traffic on your open ports (8601-8612) just loads of TCP traffic. Maybe block TCP and only allow and log UDP traffic in the rules to make it easier to see?
1 Like
Firewall rules:
There is no need to specify the incoming source port in most instance, if the device connecting in is coming from behind any kind of NAT it will almost certainly have the source port rewritten and be randomised, whilst I see that rule is disabled I would change the source port to ANY for later use.
As the default rule is currently set to accept any/any/any as it is, so aside from enabling logging as we suggested that rule for your LiveU is not actually required unless you change the default policy to deny (which you probably should).
Otherwise the config as you have shown it for the NAT looks fine, so at this point I’d start looking at a packet capture of an incoming connection attempt from both the WAN side and the LAN side and see where the traffic is getting lost. It would probably be helpful when you are doing this if you know the source IP of the incoming connection to help filter out the packet capture in Wireshark.
1 Like
Hi there. Did you ever find a solution to this? I’m having the same problem with LiveU!
Don’t think there was any follow up from the OP, but if you were to start a new thread perhaps with some details like what was requested above relating to the IP/ports/rules/config on the peplink side I am sure it can be figured out.
1 Like
Yes, sorry fort he late reply ; quite busy & so on …
A solution has been find ; I’ll come back to post screenshot asap.
Kind regards.
1 Like
After a long long time, this is what we did to make it working.
